Goodnotes Privacy Policy

Last Updated: August 2023

Protecting your privacy at Goodnotes

Your privacy matters to us as much as it does to you. At Goodnotes, we take great care in handling your personal data safely and responsibly.

Our privacy principles:

  • We never sell or rent your data or notebook content to third parties.
  • We don't access or collect data from your notebooks or documents without your permission.
  • We use limited, anonymized data to improve our services and meet legal obligations.

Data sharing policy:

We only share your data:

  • When you explicitly give us permission to do so and with the third parties specifically identified in this policy
  • To protect the rights, property, or safety of us, our customers, or others.

What we collect:

  • Basic personal data (name, email, country) when you register.
  • Anonymous statistical data (crash frequency, feature usage) to enhance the app experience.

If data is shared with third parties, we ensure they are bound by data protection agreements or confidentiality obligations. Please read our comprehensive Privacy Policy for more details. We update this regularly to follow the latest laws and best practices.

  • Goodnotes Limited and its affiliates (the “Company”, “Goodnotes”, “we”, “our” or “us”) are committed to protecting and respecting your privacy. We are a company with our registered office at 1 Bartholomew Lane, London, United Kingdom, EC2N 2AX. This privacy policy (or “Policy”) sets out the basis on which any data and information the Company collects from you will be processed by the Company during your interactions with us, including through your use of the Goodnotes  services which includes the Goodnotes application (including Goodnotes iOS, Windows, Web application and Android), Goodnotes Cloud, Goodnotes Account and other software, features or content provided by us (including, without limitation, Audio Recording Feature, Goodnotes Pro, Goodnotes Beta, Goodnotes Experimental Features, Goodnotes AI and Goodnotes Marketplace, Goodnotes Business and Goodnotes Enterprise and any other product or services that links to this Policy, as well as all functionality that Goodnotes makes available and any other product or services that links to this Policy, as well as all functionality that Goodnotes makes available (collectively, the "Services")

  1. 1. What kind of data is being collected?

    We may collect and process “Personal Data” (which is defined as any data that identifies or can be used to identify you) about you when you visit, install, download, access, register for or use our Services, or contact us in relation to the Services. The nature of the Personal Data that we may collect, and process will be determined by how you are using our Services. We will only use your Personal Data as set out below and always in accordance with applicable data protection laws, including but not limited to the European Union's General Data Protection Regulation 2016/679 (the “EU GDPR”) together with the version of the EU GDPR which is incorporated into the domestic law of the United Kingdom (the “UK GDPR”) (the EU GDPR and the UK GDPR are collectively referred to as the "GDPR").

    We do not collect special categories of Personal Data (as defined in the GDPR), which means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation. We do not expect our users to share or provide us special categories of Personal Data.
    1. Information that you provide to us and personal data we may collect:

      Such information may include (by way of a non-exhaustive list):

      • basic Personal Data about you (such as first name; family name; email address, country and your language);
      • for certain support requests and issues, we may ask you to export and send us diagnostic data of your app. This data includes information necessary to diagnose and resolve issues you might experience with our Services including the titles of your documents, folders, and imported files;
      • any information that you choose to share through the Services which may be considered Personal Data, including any information you upload containing details about you; and
      • if you make a purchase, your credit card or debit card information (such as card type and expiration date) and other financial data that we need to process your payment may be collected and stored by third party payment processors with which we work. We may also collect some limited information, such as your postal code and details of your transaction history.

      Goodnotes Services are not intended for use by covered entities (as such term is defined in the Health Insurance Portability and Accountability Act of 1996 in the United States) for the transmission of Protected Health Information, nor intended for the transmission of sensitive personal information (as defined by the California Consumer Privacy Act, as amended) such as payment card or financial information (except when making a purchase), so please do not share this information with us.

    2. Information that we automatically collect or generate about you:

      When you use our Services, we automatically receive and collect information about you and your device. This includes (by way of non-exhaustive list):

      • any information regarding the Services accessed and/or used by you and our interactions with you;
      • a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the Services which we have provided to you; 
      • usage data when you visit or otherwise use the Services, including details of the location of the device used and IP address;
      • marketing and communications data collected regarding marketing, promotions and communicating new features; and
      • activity data relating to your usage of the Services, which reveal your preferences, interests, or manner of use of the Services and the times of use, e.g., IP address, device type, other unique device identification, storage usage, data usage, time zone settings etc.
    3. Information we obtain from other sources:

      We sometimes collect Personal Data provided to us by third-parties, service providers, agencies or other publicly available sources where applicable. This includes (by way of non-exhaustive list):

      • social media features which may collect your IP address, which page you are visiting on one of our sites or sub-domains, and may set a Cookie to enable the feature to function properly. Features may also allow third party social media services to provide us with information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the third-party social media service. Features are either hosted by a third party or hosted directly in the Goodnotes  Services. Your interactions with these features are governed by the privacy statements of the third-party companies providing them. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our Services.
  2. 2. What is this data being used for?

    1. Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
      • to allow you to use and access the features and functionality provided by the Services;
      • to set you up to use the Services, including creating and administering your account;
      • to address and send communications to you about changes to our terms or policies or modifications to the products or other important notices;
      • to understand feedback on the Services and to help provide more information on the use of those services quickly and easily;
      • to communicate with you in order to provide you with the Services or information about us and the Services;
      • to allow us to tailor the information you see about materials and information that are most relevant to you;
      • for optimizing the Services and your experience using the Services, and for ongoing review and improvement of the information provided on the Services to ensure that it is user friendly;
      • to take measures to protect against and try to prevent any potential disruptions or cyber-attacks;
      • to understand your needs and interests and, where you have provided your consent, to send you marketing communications about our Services;
      • to provide you with technical and other support;
      • for the management and administration of our business or in relation to a sale, reorganization, financing or other similar corporate transaction involving our business; 
      • in order to comply with and in order to assess compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures;
      • for the administration and maintenance of our databases storing Personal Data; or
      • to detect, prevent, or otherwise address fraud, security or technical issues.
    2. However we use your Personal Data, we make sure that our usage complies with applicable data protection laws. The law allows or requires us to use your Personal Data for a variety of reasons. These include where:
      • we need to do so in order to perform our contractual obligations with our customers and third-party providers;
      • we have obtained your consent;
      • we have legal and regulatory obligations that we have to discharge;
      • we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
      • the use of your Personal Data as described is necessary for our legitimate business interests, such as:
        • allowing us to effectively and efficiently manage and administer the operation of our business and the Services;
        • to enforce contracts and applicable Terms of Use, including investigation of potential violations thereof;
        • maintaining compliance with internal policies and procedures;
        • monitoring the use of our copyrighted materials;
        • enabling quick and easy access to information on the Goodnotes  Learn and the Services; and
        • protect against harm to the rights, property or safety of Goodnotes , our users, customers, or the public as required or permitted by law.
  3. 3. Who is my data disclosed to?

    1. We may disclose your Personal Data to other companies within our group for the purposes set out in "What is this data being used for?" above, as well as to law enforcement and regulatory agencies as may be required by law.
    2. If you use certain features in the Services, such as collaboration features, the information contained in the content that you share, which will include any Personal Data contained in such content, will be shared with the individuals that you select or anyone else who they may share with. We will not share your information this way unless you direct us to do so through your use of the Services.
    3. We may disclose and transfer your Personal Data to our agents, contractors or vendors ("Service Providers"). When we do this, we will ensure that they are under a duty of confidentiality to us and we have imposed contractual obligations to ensure they can only use your Personal Data to provide agreed services to us and to you. Such Service Providers may provide administrative, data processing or other similar services to us to enable us to better provide the Services.
    4. We may provide your Personal Data to actual or proposed assignees or transferees of our rights with respect to you in connection with a merger, sale or transfer (whether of assets or shares), reorganization, liquidation or dissolution of a company within our group, or steps taken in anticipation of such events (e.g., due diligence in a transaction). In such cases, information will be anonymised where possible and only shared where necessary.
    5. In particular, certain of the specific third parties that we disclose data to include:
      • In order to log aggregated statistical, non-Personal Data, we use Google Analytics for Firebase.
      • We use Zendesk by Zendesk Inc. for handling customer support emails.
      • We use Mailchimp for sending newsletters and tips and tricks to subscribers that subscribe voluntarily.
      • To collect feedback and ideas in our idea forum, we use the service provided by UserVoice. In order to submit feedback to the forum, an account with UserVoice will need to be created.
      • We use Amazon Web Services to power the infrastructure for Goodnotes  Cloud.
      • We use Datadog to collect diagnostic and usage data and monitor the infrastructure for Goodnotes Cloud.
      • We provide optional functionalities which allow you to sync your files on the app to your iCloud account.
      • We use Mixpanel and Amplitude to collect information about the usage of our app to maintain and improve our app, our Services, products and features.
      • We may use Braze or other third party providers to notify you of important events about the Services and provide you with an enhanced user experience when using the Services.
  4. 4. Retention Process

    1. How long we will hold your Personal Data for will vary and will be determined by the following criteria:
      • the purpose for which we are using it – we will need to keep your Personal Data for as long as is necessary for that purpose; and
      • legal obligations – laws or regulation may set a minimum period that we have to keep your Personal Data.
  5. 5. International transfers of Personal Data

    1. We are a global business. Our customers and our operations are spread around the world. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.
    2. When we transfer your Personal Data to another country outside the UK and / or EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside the UK and / or EEA, for example, this may be done in one of the following ways:
      • the country that we send the data to might be approved by relevant data protection authorities as offering an adequate level of protection for Personal Data;
      • the recipient might have signed up to a contract based on “model contractual clauses” approved by relevant data protection authorities, obliging them to protect your Personal Data;
      • the recipient may have adhered to binding corporate rules; or
      • In other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.
    3. You can obtain more details of the protection given to your Personal Data when it is transferred outside the UK and / or EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as referred to in the “More Questions” section below.
  6. 6. Keeping your data secure

    1. We will use technical and organisational measures designed to safeguard your Personal Data, for example:
      • access to your membership, if you register with us, is controlled by your email and a password that is unique to you;
      • we encrypt your Personal Data;
      • any Personal Data that we process or store is done on secure servers.
    2. All processing of your Personal Data shall be conducted according to the data protection principles as follows:
      • Personal Data must be processed lawfully, fairly and transparently;
      • Personal Data must be accurate and kept up to date with every effort to erase or correct;
      • Personal Data must be processed in a manner that ensures the appropriate security.
    3. In addition, we have appropriate security measures in place designed to prevent Personal Data from being accidentally or unlawfully lost, used or accessed. We limit access to your Personal Data to those who have a genuine business need to access it. We take steps designed to ensure that those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to respond to data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
  7. 7. Information about other individuals

    If you give us information on behalf of someone else, you confirm and represent that you have the consent of such person to do so and such person has appointed you to act on his/her behalf to:
    • give consent on his/her behalf to the processing and transfer of his/her Personal Data; and
    • receive on his/her behalf any notices relating to data protection.‍
  8. 8. Third Party Websites

    Our Services may contain links to other websites operated by third parties and may include social media features such as Facebook, Twitter, YouTube, and Instagram buttons or links. You may also submit content to our blog through Medium. These third-party websites may collect information about you if you click on a link or visit those websites, and the social media sites may automatically record information about your browsing behaviour every time you visit a website that has a social media button. Your interactions with these features and third parties are governed by the privacy policy of the third party, not by this privacy policy.
  9. 9. Your rights Under the GDPR

    1. Under certain circumstances, you may have rights under data protection laws in relation to your Personal Data which you can exercise free of charge. These rights include:
      • The right to know whether we hold your Personal Data and to request access to your Personal Data held by us.
      • The right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation.
      • The right to request that we rectify your Personal Data if it is inaccurate or incomplete.
      • The right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are legally entitled to retain it.
      • In some circumstances, the right to receive the Personal Data you provided to us in a structured, commonly used and machine-readable format and/or to instruct us to transmit that data to a third party.
      • The right to object at any time to your Personal Data being processed for direct marketing and in other certain circumstances, such as if we change our legitimate interests from the basis on which we initially collected and processed your Personal Data.
      • The right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
    2. If you wish to exercise any of the above rights, or make any related complaint or request in relation to your Personal Data, please contact us by using the contact details in the “More Questions” section below.
    3. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.
  10. 10. Children

    Goodnotes does not knowingly collect personally identifiable information data directed at children under 13 according to the Children’s Privacy Protection Act (“COPPA”).
  11. 11. California Residents

    Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), California residents have certain rights regarding their “personal information” (as that term is defined under the CCPA). For a copy of our privacy notice to residents of California (United States), please go to our supplemental California Privacy Notice. Please refer to our supplemental California Privacy Notice for additional information about our activities and data practices subject to the CCPA.
  12. 12. Virginia Residents

    Under the Virginia Consumer Data Protection Act (the “VCDPA”), Virginia residents have certain rights regarding their “personal data” (as that term is defined under the VCDPA). For a copy of our privacy notice to residents of Virginia (United States), please go to our supplemental Virginia Privacy Notice.
  13. 13. Cookies

    To the extent that we collect Personal Data with the help of Cookies (which are small text files that include a small quantity of information sent to the browser of users, by a web server, and stored on the hard disk drive of a computer for purposes of archiving, collecting navigation data for statistical analysis purposes, and offering services related to your interests or location), we will process it in accordance with this Privacy Policy and our Cookies Policy which can be found at Cookies Policy.
  14. 14. More questions

    1. We commit to resolving complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints should first contact
    2. You also have a right to lodge a complaint with a competent supervisory authority situated in a member state of your habitual residence, place of work, or place of alleged infringement.
  15. 15. Changes to this policy

    The Company reserves the right to make changes to this privacy policy at any time by giving notice to its users on the site, the app, or as notified by us to you (by email for example), where possible. We recommend checking this page to stay up to date with the latest changes.
Goodnotes uses cookies to enhance user experience and analyze traffic. Details of which cookies we use are available at our Cookie Policy. By continuing to browse the site, you accept cookies. You can withdraw your consent by adapting your preferences in the ‘preferences’ section.